I have already passed Microsoft 70-412 certification exam yesterday….Scored 984/1000 in US! Many new exam questions added into the 2017 70-412 test! So I just come here to share with your guys and wish more 70-412 candidates can pass easily!

QUESTION 141Your network contains an Active Directory forest named contoso.com.The forest contains a single domain. The domain contains three domain controllers.The domain controllers are configured as shown in the following table.

You discover that when you run Group Policy Results from Group Policy Management, the settings from site-linked Group Policy objects (GPOs) fail to appear in the results.You need to ensure that the settings from site-linked GPOs appear in the results.What should you do first?

A. Run adprep on DC3 by using Windows Server 2012 R2 installation media.B. Transfer the infrastructure master role to DC3.C. Upgrade DC2 to Windows Server 2012 R2.D. Run adprep on DC1 by using Windows Server 2003 installation media.

Answer: AExplanation:In this scenario a Windows 2012 server has been added to a Windows 2003 network.Note:* Before adding your new Windows 2012 Domain Controller, or attempting to perform an inplace upgrade of an existing Windows 2008 or 2008 R2 DC, you must make sure that the Schema is upgraded to support your new Windows 2012 DC, and that you prepare each domain where you plan to install Windows 2012 DCs. To do this we can use the ADPREP.exe tool found in the support\adprep folder on your installation media.* Starting with Windows 2012 there is only one version of ADPREP available, and that is a 64-bit version.* Adprep is the utility–included in the OS installation media–that performs several crucial functions to upgrade AD to support that OS. The utility has three major options: /forestprep, /domainprep, and /rodcprep. The /forestprep option runs first, extending the AD schema with new object and attribute classes that the new AD version needs. The /domainprep option creates new well-known objects in AD, App1ies security changes, and miscellaneous other bits. Finally, /rodcprep makes forest-wide security changes to allow read-only domain controller (RODC) functionality. The Windows Server 2012 R2 version of adprep.exe can run on any server that runs a 64- bit version of Windows Server 2008 or later.http://technet.microsoft.com/en-us/library/bb726995.aspxhttp://www.ipuptime.net/Multicast.aspxhttp://technet.microsoft.com/en-us/library/gg144561(v=exchg.141).aspxhttp://en.wikipedia.org/wiki/Unique_local_address

QUESTION 142Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DNS Server server role installed. Server1 is configured to use a DNS server from an Internet Service Provider (ISP) as a forwarder. Corporate management requires that client computers only resolve names ofcontoso.com computers.You need to configure Server1 to resolve names in the contoso.com zone only.What should you do on Server1?

A. From DNS Manager, modify the root hints of Server1.B. From Windows PowerShell, run the Remove-DnsServerForwarder cmdlet.C. From Windows PowerShell, run the Set-NetDnsTransitionConfiguration cmdlet.D. From DNS Manager, modify the Advanced properties of Server1.

QUESTION 143You have a server named Server1 that runs Windows Server 2012 R2.Each day, Server1 is backed up fully to an external disk.On Server1, the disk that contains the operating system fails.You replace the failed disk.You need to perform a bare-metal recovery of Server1 by using the Windows RecoveryEnvironment (Windows RE).What should you use?

A. The Wbadmin.exe commandB. The Repair-bde.exe commandC. The Get-WBBareMetalRecovery cmdletD. The Start-WBVolumeRecovery cmdlet

Answer: AExplanation:A. Enables you to back up and restore your operating system, volumes, files, folders, andapplications from a command prompt.B. Accesses encrypted data on a severely damaged hard disk if the drive was encrypted by using BitLocker. Repair-bde can reconstruct critical parts of the drive and salvage recoverable data as long as a valid recovery password or recovery key is used to decrypt the data.C. Gets the value that indicates whether the ability to perform bare metal recoveries from backups has been added to the backup policy (WBPolicy object).D. Starts a volume recovery operation.

QUESTION 144You have a file server named Server1 that runs a Server Core Installation of Windows Server 2012 R2. Server1 has a volume named D that contains user data. Server1 has a volume named E that is empty. Server1 is configured to create a shadow copy of volume D every hour.You need to configure the shadow copies of volume D to be stored on volume E.What should you run?

A. The Set-Volume cmdlet with the -driveletter parameterB. The Set-Volume cmdlet with the -path parameterC. The vssadmin.exe add shadowstorage commandD. The vssadmin.exe create shadow command

Answer: CExplanation:A. Sets or changes the file system label of an existing volume. -DriveLetter Specifies a letter used to identify a drive or volume in the system.B. Sets or changes the file system label of an existing volume -Path Contains valid path information. C. Displays current volume shadow copy backups and all installed shadow copy writers and providers. AddShadowStroage Adds a shadow copy storage association for a specified volume.D. Displays current volume shadow copy backups and all installed shadow copy writers and providers. Shadow Creates a new shadow copy of a specified volume.http://technet.microsoft.com/en-us/library/cc754968(v=ws.10).aspxhttp://technet.microsoft.com/en-us/library/hh848673(v=wps.620).aspx

QUESTION 145Your network contains an Active Directory forest named contoso.com.All servers run Windows Server 2012 R2.The domain contains four servers.The servers are configured as shown in the following table.

You need to deploy IP Address Management (IPAM) to manage DNS and DHCP. On which server should you install IPAM?

QUESTION 147You have a server named Server1 that runs Windows Server 2012 R2. Server1 is located in the perimeter network and has the DNS Server server role installed. Server1 has a zone named contoso.com.You apply a security template to Server1. After you apply the template, users report that they can no longer resolve names from contoso.com. On Server1, you open DNS Manager as shown in the DNS exhibit. (Click the Exhibit button.)

On Server1, you open Windows Firewall with Advanced Security as shown in the Firewall exhibit. (Click the Exhibit button.)

You need to ensure that users can resolve contoso.com names.What should you do?

A. From Windows Firewall with Advanced Security, disable the DNS (TCP, Incoming) rule and theDNS (UDP, Incoming) rule.B. From DNS Manager, modify the Zone Transfers settings of the contoso.com zone.C. From DNS Manager, unsign the contoso.com zone.D. From DNS Manager, modify the Start of Authority (SOA) of the contoso.com zone.E. From Windows Firewall with Advanced Security, modify the profiles of the DNS (TCP, Incoming) ruleand the DNS (UDP, Incoming) rule.

Answer: EExplanation:To configure Windows Firewall on a managed DNS server On the Server Manager menu, click Tools and then click Windows Firewall with Advanced Security.Right-click Inbound Rules, and then click New Rule. The New Inbound Rule Wizard will launch.In Rule Type, select Predefined, choose DNS Service from the list, and then click Next.In Predefined Rules, under Rules, select the checkboxes next to the following rules:Click Next, choose Allow the connection, and then click Finish. Right-click Inbound Rules, and then click New Rule. The New Inbound Rule Wizard will launch.etc.

QUESTION 148Your network contains an Active Directory domain named corp.contoso.com.You deploy Active Directory Rights Management Services (AD RMS).You have a rights policy template named Template1. Revocation is disabled for the template.A user named User1 can open content that is protected by Template1 while the user is connected to the corporate network. When User1 is disconnected from the corporate network, the user cannot open the protected content evenif the user previously opened the content.You need to ensure that the content protected by Template1 can be opened by users who are disconnected from the corporate network.What should you modify?

A. The User Rights settings of Template1B. The templates file location of the AD RMS clusterC. The Extended Policy settings of Template1D. The exclusion policies of the AD RMS cluster

QUESTION 149Your company recently deployed a new Active Directory forest named contoso.com.The forest contains two Active Directory sites named Site1 and Site2.The first domain controller in the forest runs Windows Server 2012 R2.You need to force the replication of the SYSVOL folder from Site1 to Site2.Which tool should you use?

Answer: DExplanation:In Windows Server 2012 R2, Windows Server 2008 R2, or Windows Server 2008, you can force replication immediately by using DFS Management, as described in Edit Replication Schedules. You can also force replication by using the Dfsrdiag SyncNow command.You can force polling by using the Dfsrdiag PollAD command.http://technet.microsoft.com/en-us/library/cc773238(v=ws.10).aspx#BKMK_072

QUESTION 150You have 30 servers that run Windows Server 2012 R2.All of the servers are backed up daily by using Windows Azure Online Backup.You need to perform an immediate backup of all the servers to Windows Azure Online Backup. Which Windows PowerShell cmdlets should you run on each server?

QUESTION 152Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 is a file server that has the Hyper-V server role installed. Server1 hosts several virtual machines. The virtual machine configuration files are stored on drive D and the VHD files are stored on drive E.You plan to replace drive E with a larger volume.You need to ensure that the virtual machines on Server1 remain available while drive E is being replaced.What should you do?

A. Perform a quick migration.B. Add Server1 and Server2 as nodes in a failover cluster.C. Perform a live migration.D. Perform a storage migration.

QUESTION 153Your network contains an Active Directory domain named contoso.com. The domain contains a file server named File1 that runs a Server Core Installation of Windows Server 2012 R2. File1 has a volume named D that contains home folders. File1 creates a shadow copy of volume D twice a day.You discover that volume D is almost full.You add a new volume named H to File1.You need to ensure that the shadow copies of volume D are stored on volume H.Which command should you run?

A. The Set-Volume cmdlet with the -driveletter parameterB. The vssadmin.exe create shadow commandC. The Set-Volume cmdlet with the -path parameterD. The vssadmin.exe add shadowstorage command

Answer: DExplanation:A. Sets or changes the file system label of an existing volume. -DriveLetter Specifies a letter used to identify a drive or volume in the system.B. Displays current volume shadow copy backups and all installed shadow copy writers and providers. Shadow Creates a new shadow copy of a specified volume.C. Sets or changes the file system label of an existing volume -Path Contains valid path information.D. Displays current volume shadow copy backups and all installed shadow copy writers and providers.AddShadowStroage Adds a shadow copy storage association for a specified volume.http://technet.microsoft.com/en-us/library/cc754968(v=ws.10).aspxhttp://technet.microsoft.com/en-us/library/hh848673(v=wps.620).aspx

QUESTION 154Your network contains a perimeter network and an internal network.The internal network contains an Active Directory Federation Services (AD FS) 2.1 infrastructure.The infrastructure uses Active Directory as the attribute store.You plan to deploy a federation server proxy to a server named Server2 in the perimeter network. You need to identify which value must be included in the certificate that is deployed to Server2. What should you identify?

A. The FQDN of the AD FS serverB. The name of the Federation ServiceC. The name of the Active Directory domainD. The public IP address of Server2

Answer: BExplanation:Checklist: Setting Up a Federation Server Proxy(https://technet.microsoft.com/en-us/library/dd807100.aspx)Certificate Requirements for Federation Server Proxies“It is important to verify that the subject name in the server authentication certificate matches the Federation Service name value that is specified in the AD FS Management snap-in. To locate this value, open the snap-in, right-click Service, click Edit Federation Service Properties, and then find the value in Federation Service name text box.”https://technet.microsoft.com/en-us/library/dd807054.aspx

QUESTION 155You have a server named Server1 that runs Windows Server 2012 R2.Server1 has the File Server Resource Manager role service installed.You are creating a file management task as shown in the exhibit. (Click the Exhibit button.)

You need to ensure that the Include all folders that store the following kinds of data list displays an entry named Corporate Data.What should you do?

A. Modify the properties of the System Files file group.B. Create a new classification property.C. Create a new file group.D. Modify the Folder Usage classification property.

Answer: DExplanation:Creating a new classification property is how you would get new properties to be available on individual folders. This question is asking how you get new items to appear in the “Include all folders that store the following kinds of data” list. To do that, you edit the Folder Usage property.

QUESTION 156Your network contains an Active Directory forest named adatum.com.The forest contains an Active Directory Rights Management Services (AD RMS) cluster.A partner company has an Active Directory forest named litwareinc.com.The partner company does not have AD RMS deployed.You need to ensure that users in litwareinc.com can consume rights-protected content from adatum.com.Which type of trust policy should you create?

QUESTION 157Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers.The domain controllers are configured as shown in the following table.

The Branch site contains a perimeter network.For security reasons, client computers in the perimeter network can communicate with client computers in the Branch site only.You plan to deploy a new RODC to the perimeter network in the Branch site.You need to ensure that the new RODC will be able to replicate from DC10.What should you do first on DC10?

Answer: AExplanation:Add-ADDSReadOnlyDomainControllerAccount Creates a read-only domain controller (RODC) account that can be used to install an RODC in Active Directory.Note:* NotesOnce you have added the RODC account, you can add an RODC to a server computer by using the Install-ADDSDomainController cmdlet with the -ReadOnlyReplica switch parameter.* ExampleAdds a new read-only domain controller (RODC) account to the corp.contoso.com domain using the North America site as the source site for the replication source domain controller.C:\PS>Add-ADDSReadOnlyDomainControllerAccount -DomainControllerAccountName RODC1 -DomainName corp.contoso.com -SiteName NorthAmerica Incorrect:Not B: There already is a branch site.Reference: Add-ADDSReadOnlyDomainControllerAccount

QUESTION 158Your network contains one Active Directory domain named contoso.com.The domain contains an IP Address Management (IPAM) server named Server1.Server1 manages several DHCP and DNS servers.From Server Manager on Server1, you create a custom role for IPAM.You need to assign the role to a group named IP_Admins.What should you do?

A. From Windows PowerShell, run the Add-Member cmdlet.B. From Server Manager, create an access policy.C. From Windows PowerShell, run the Set-IpamConfiguration cmdlet.D. From Server Manager, create an access scope.

Answer: BExplanation:A role is a collection of IPAM operations. You can associate a role with a user or group in Windows using an access policy. Several built-in roles are provided, but you can also create customized roles to meet your business requirements.https://technet.microsoft.com/en-us/library/dn741281.aspx

QUESTION 159Your network contains an Active Directory forest named contoso.com.The forest contains a single domain. The forest functional level is Windows Server 2012 R2.You have a domain controller named DC1. On DC1, you create a new Group Policy object (GPO) named GPO1.You need to verify that GPO1 was replicated to all of the domain controllers.Which tool should you use?

QUESTION 160Your network contains two DNS servers named DNS1 and DNS2 that run Windows Server 2012 R2. DNS1 has a primary zone named contoso.com. DNS2 has a secondary copy of thecontoso.com zone.You need to log the zone transfer packets sent between DNS1 and DNS2.What should you configure?

Pass 70-412 is not difficult! But you need more practice tests, I spent 1 month prepared for this exam! Here is full version of the exam dump, I want to share with you, maybe it can help you a little bit: